name not one of our zones

Kevin Darcy kcd at daimlerchrysler.com
Sat Jul 15 03:54:09 UTC 2000


allow-update { none; }; is the default, so you don't really need it for every
zone, unless you have something different in your "options" clause which you
want to override. It governs who can perform Dynamic Updates to your zones.

allow-transfer restricts who can do zone-transfers of the zone (again, you can
set this globally as well as per-zone). Note that "zone-transfers" aren't just
server-to-server transactions; they can also come from client queries, e.g.
the "ls" command in "nslookup". Opinions differ as to whether there is a point
to restricting zone transfers or not: on the one hand, why make things any
easier for a would-be cracker?; on the other hand, it's public information
that a determined cracker can probably find out anyway, and such weak
safeguards might lead to a *false* sense of security and/or encourage would-be
crackers to probe your site even further. Similar arguments apply to whether
you should obscure your BIND version (although one somewhat-compelling
argument to be made in that case is that version-obscuring kinda sorta
protects you from script kiddies in between the time a vulnerability is found
and when you are able to upgrade to the non-vulnerable version).


- Kevin


John Smith wrote:

> oh shoot my bad...it's working now:))
> one more thing though
>
> in /etc/named.conf under each zone there are two lines
> allow-update and allow-transfer
> allow-transfer that's where this zone can be transferred..
> and allow-update what's that?
>
> -----Original Message-----
> From: kcd at daimlerchrysler.com [mailto:kcd at daimlerchrysler.com]
> Sent: Friday, July 14, 2000 8:12 PM
> To: Bind-Users
> Subject: Re: name not one of our zones
>
> It's "masters", not "master". Your slave zone definition is being rejected.
> This should have been obvious from the logs.
>
> - Kevin
>
> unknown wrote:
>
> > oh and i'm sorry i forgot to include from ns3 /etc/named.conf
> >
> > zone "kykla.com" {
> >         type slave;
> >         master { 63.251.19.66; };
> >         file "kykla.com";
> > };
> >
> > -----Original Message-----
> > From: kcd at daimlerchrysler.com [mailto:kcd at daimlerchrysler.com]
> > Sent: Friday, July 14, 2000 7:45 PM
> > To: Bind-Users
> > Subject: Re: name not one of our zones
> >
> > Do you have a slave definition in /etc/named.conf on ns3?
> >
> > - Kevin
> >
> > unknown wrote:
> >
> > > i need to setup "real" 2nd ns server in case if first going to go down for some
> > > reasons..
> > > and i need bind to have both master and slave zone on two physically different
> > > server..
> > > i'm sure you know what i'm talkin about:) here it is
> > >
> > > some lines from /etc/named.conf from ns1
> > >
> > > zone "kykla.com" {
> > >         type master;
> > >         allow-update { none; };
> > >         allow-transfer { 63.251.19.67;63.251.19.68; };
> > >         file "kykla.com";
> > > };
> > >
> > > here is kykla.com file
> > >
> > > kykla.com.              IN      SOA     kykla.com.      root.kykla.com. (
> > >                         141120001       ; Serial
> > >                         10800           ; Refresh after 3 hours
> > >                         3600            ; Retry after 1 hour
> > >                         604800          ; Expire after 1 week
> > >                         86400 )         ; Minimum TTL of 1 day
> > > kykla.com.              IN      NS      ns1.spde.com.
> > > kykla.com.              IN      NS      ns3.spde.com.
> > > kykla.com.              IN      A       63.251.19.68
> > > kykla.com.              IN      MX 10   kykla.com.
> > > www.kykla.com.          IN      CNAME   kykla.com.
> > >
> > > when i did ndc restart, /var/log/messages says this...
> > >
> > > Jul 14 19:25:57 ns1 named[18364]: master zone "kykla.com" (IN) loaded (serial 141120001)
> > > Jul 14 19:26:03 ns1 named[18365]: Sent NOTIFY for "kykla.com IN SOA" (kykla.com); 1 NS, 1 A
> > >
> > > from ns3 in /var/log/messages it says
> > >
> > > Jul 14 19:31:22 tucows named[15966]: rcvd NOTIFY(kykla.com, IN, SOA) from [63.251.19.66].1059
> > > Jul 14 19:31:22 tucows named[15966]: rcvd NOTIFY for "kykla.com", name not one of our zones
> > >
> > > what am i doin wrong?
> > >
> > >                      (W)orld(W)ide(W)eb: http://www.alexus.org/
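
A small lint for the points raised in this thread, added here as an example and not part of any message above or of BIND itself: it flags a slave zone with no `masters` list (the `master` typo), zones with no per-zone `allow-transfer`, and zones that permit dynamic updates. The function names are hypothetical, and the parser assumes a named.conf without comments, views or include files.

```python
import re

# Constructed inputs: the ns1 and ns3 zone stanzas as quoted in this thread.
NS1 = '''zone "kykla.com" {
        type master;
        allow-update { none; };
        allow-transfer { 63.251.19.67;63.251.19.68; };
        file "kykla.com";
};'''
NS3_POSTED = '''zone "kykla.com" {
        type slave;
        master { 63.251.19.66; };
        file "kykla.com";
};'''
NS3_FIXED = NS3_POSTED.replace("master {", "masters {")  # the correction given in the reply

def zone_blocks(conf):
    """Yield (zone name, body text) for each zone statement, honouring nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def statements(body):
    """Map each statement keyword in a zone body to its argument text."""
    pairs = re.findall(r'([\w-]+)\s+(\{[^}]*\}|[^;{]*)\s*;', body)
    return {key: arg.strip("{} \t\n") for key, arg in pairs}

def audit(conf):
    """Return (zone, message) findings for the settings discussed in the thread."""
    findings = []
    for name, body in zone_blocks(conf):
        st = statements(body)
        if st.get("type") == "slave" and "masters" not in st:
            hint = ' (found "master"; the keyword is "masters")' if "master" in st else ""
            findings.append((name, "slave zone has no masters list" + hint))
        if "allow-transfer" not in st:
            findings.append((name, "no per-zone allow-transfer; the global setting applies"))
        # Absent allow-update is treated as none, the default stated in the reply.
        if st.get("allow-update", "none;").replace(" ", "") != "none;":
            findings.append((name, "dynamic updates allowed from: " + st["allow-update"]))
    return findings

if __name__ == "__main__":
    for label, conf in (("ns1", NS1), ("ns3 as posted", NS3_POSTED), ("ns3 fixed", NS3_FIXED)):
        print(label, audit(conf))
```
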






More information about the bind-users mailing list